5 Keys to Effective Compliance Risk Management

ADA Compliant Credit Union Web Design and Secure Hosting by GrafWebCUSO
5 Keys to Effective Compliance Risk Management
5 Keys to Effective Compliance Risk Management
September 20, 2016 Marketing GrafWebCUSO

Risk, by definition, implies uncertainty. In today’s ever-changing regulatory environment, credit unions must develop and implement an effective enterprise-wide compliance risk management program to mitigate and manage their compliance risk. To be clear, risk management is not the elimination of risk, but rather the responsible balancing of risk versus reward. In order to effectively manage compliance risk, credit unions must conduct compliance risk assessments on their products, services, operations and the regulatory impact on such. You cannot mitigate risk if you do not know it exists.

A compliance risk assessment is used to identify risk to the credit union and its members (both consumer and commercial) by incorporating the inherent risks in a particular line of business, product or service and the quality of controls implemented by the institution to manage and mitigate those risks. An effective compliance risk assessment should include, at a minimum, risk identification, measurement, control, monitoring and reporting. During my 20 years in the industry, I’ve found there are five key components that contribute to the success of a compliance risk management program.

1. Put a system in place.

The framework of your risk management program should provide a method for communicating and documenting evaluations regarding:

  • The quantity of risk (low, moderate, high), including the methodology in assigning risk ratings;
  • The quality of risk management (how well the board and management identifies, measures, controls and monitors risk);
  • An aggregate synopsis of the institution’s risk (the balance of risk versus reward inclusive of the quality and quantity of risk); and
  • The direction of the risk (increasing, decreasing or unchanged).

2. Define tolerance for risk.

A comprehensive risk assessment should be commensurate with your credit union’s size, product offerings, service area(s) and appetite for risk. To understand your credit union’s tolerance for compliance risk, examine the scope and complexity of its business activities, market service areas, and delivery channels for products and services.

3. Identify risk factors.

The greater the risks, the more extensive the compliance risk management program must be to ensure sufficient controls are in place to mitigate the inherent risk in such activities. Consider the following factors:

  • Strategic and business growth, complexity and trends;
  • Product features, characteristics, volume, stability and third-party involvement;
  • Legal and regulatory factors, including nonconformance consequences; and
  • Environmental factors such as market conditions, demographics and competition.

The risk assessment should incorporate and calculate inherent and residual risk. Inherent risk is the level of risk before controls are applied, while residual risk is the level of risk remaining post-implementation of controls. The calculation should encompass the exposure, quantity or likelihood, and quality of risk to the credit union. Enterprise-wide compliance risk management should identify, prioritize and assign accountability for managing potential legal and non-compliance threats that could lead to fines, penalties, reputational damage or prohibition of operating in, or expanding to, various markets.

4. Incorporate regulations.

The regulatory landscape is constantly shifting, both in new regulations and interpretations of existing regulations. As such, regulators expect institutions to regularly assess risk for:

  • Overall consumer compliance
  • Fair lending
  • Unfair, deceptive, and abusive acts and practices
  • BSA/AML and OFAC
  • Vendor management

These particular areas pose the most significant compliance risk for institutions of all sizes. Violations in these areas often cause significant consumer harm as well as legal, financial, operational, and reputational harm to the institution. It is essential for every credit union to incorporate each of these areas in its product lifecycle risk assessment, not just at the time of product development but throughout the entire cycle. By factoring in fair lending, UDAAP, BSA/AML/OFAC and vendor management risks into the product lifecycle, the credit union can proactively mitigate and manage compliance risk.

5. Continually update.

The risk assessment is a living process that must be adjusted as market, regulations, offerings and management’s appetite for risk changes. Risk must be assessed from both a current and perspective view of the credit union’s risk profile. Look-back risk assessments should be considered when regulatory reprieves or new interpretations of existing regulations pose a threat or concern to the credit union’s then-current position.

Through effective compliance risk management, a credit union can increase its efficiency and financial performance by minimizing and mitigating errors while focusing on appropriate operational decision making.

Leah M. Hamilton, JD is chief compliance officer for Temenos. She can be reached at 407-341-6764 or lhamilton@temenos.com.

Related posts:

  1. Credit Union Goes to Video to Connect With Members
  2. Voters Want Banking ‘Reform,’ New Poll Finds
  3. NCUA Board May Solicit Comment on Closing Stabilization Fund
  4. How American Families Pay for College: 2017
September 20, 2016
Categories:News
0 Likes

Related Articles

D.C. Memo Reveals Plans for Regulation Rollback Gutting CFPB’s Power

D.C. Memo Reveals Plans for Regulation Rollback Gutting CFPB’s Power

by
Rep Calls on NCUA to Delay Fund Merger, Increase in Operating Level

Rep Calls on NCUA to Delay Fund Merger, Increase in Operating Level

by
The Nation’s Most Affordable and Least Affordable Home Markets

The Nation’s Most Affordable and Least Affordable Home Markets

by
Treasury’s Financial Crimes Unit Releases Cyber Guidance

Treasury’s Financial Crimes Unit Releases Cyber Guidance

by